Hi,
I have installed Proxmox on a root server at netcup. I want to use this server for services like Pi-Hole, wireguard, Nextcloud, Caddy etc. First I had a setup with another (smallest config) server running OPNSense in front of it which worked but was very slow. So I have removed the OPNSense and connected the Proxmox server directly to the internet again. I followed the NAT configuration at https://pve.proxmox.com/wiki/Network_Configuration to set up vmbr0 (192.168.5.0/24) and created a vmbr1 network (192.168.6.0/24) for internal communication that shall not be exposed to the internet, for example to be routed though the caddy reverse proxy.
The problem: On one LXC (wireguard, created after disconnecting the OPNSense) I can access the internet, another LXC (PiHole, created and when OPNsense was used) is not able to connect to / ping anything outside the Proxmox host. The network configuration on both containers is similar.
Proxmox host setup:
/etc/network/interfaces:
Wireguard LXC (has internet access):
/etc/network/interfaces
PiHole LXC (no internet access):
My config:
ping test:
EDIT: I just realised there is packet loss on the wireguard machine. Doing the same ping some seconds later there is no packet loss so I assume it's the first packets only.
EDIT2: all machines can ping each other and the Proxmox host.
Thanks in advance for your help!
I have installed Proxmox on a root server at netcup. I want to use this server for services like Pi-Hole, wireguard, Nextcloud, Caddy etc. First I had a setup with another (smallest config) server running OPNSense in front of it which worked but was very slow. So I have removed the OPNSense and connected the Proxmox server directly to the internet again. I followed the NAT configuration at https://pve.proxmox.com/wiki/Network_Configuration to set up vmbr0 (192.168.5.0/24) and created a vmbr1 network (192.168.6.0/24) for internal communication that shall not be exposed to the internet, for example to be routed though the caddy reverse proxy.
The problem: On one LXC (wireguard, created after disconnecting the OPNSense) I can access the internet, another LXC (PiHole, created and when OPNsense was used) is not able to connect to / ping anything outside the Proxmox host. The network configuration on both containers is similar.
Proxmox host setup:
/etc/network/interfaces:
Code:
auto lo
iface lo inet loopback
auto ens3
iface ens3 inet static
address 45.157.XXX.YYY/22
gateway 45.157.ZZZ.1
dns-nameservers 46.38.225.230 212.60.61.246
auto vmbr0
iface vmbr0 inet static
address 192.168.5.10/24
bridge-ports none
bridge-stp off
bridge-fd 0
#extern, ROT
auto vmbr1
iface vmbr1 inet static
address 192.168.6.10/24
bridge-ports none
bridge-stp off
bridge-fd 0
#intern, GRÜN
post-up echo 1 > /proc/sys/net/ipv4/ip_forward
post-up iptables -t nat -A POSTROUTING -s '192.168.5.0/24' -o ens3 -j MASQUERADE
post-down iptables -t nat -D POSTROUTING -s '192.168.5.0/24' -o ens3 -j MASQUERADE
post-up iptables -t raw -I PREROUTING -i fwbr+ -j CT --zone 1
post-down iptables -t raw -D PREROUTING -i fwbr+ -j CT --zone 1Wireguard LXC (has internet access):
/etc/network/interfaces
Code:
auto lo
iface lo inet loopback
auto eth0
iface eth0 inet static
address 192.168.5.23/24
gateway 192.168.5.10
dns-nameservers 192.168.5.20
auto eth1
iface eth1 inet static
address 192.168.6.23/24PiHole LXC (no internet access):
Code:
auto lo
iface lo inet loopback
auto eth0
iface eth0 inet static
address 192.168.5.20/24
gateway 192.168.5.10
dns-nameservers 46.38.225.230 212.60.61.246
auto eth1
iface eth1 inet static
address 192.168.6.20/24My config:
Code:
uname -r: 5.4.65-1-pve
lxc-ls --version: 4.0.3
cat /proc/sys/net/ipv4/ip_forward: 1ping test:
Code:
root@phdns:~# ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
From 192.168.5.20 icmp_seq=1 Destination Host Unreachable
From 192.168.5.20 icmp_seq=2 Destination Host Unreachable
From 192.168.5.20 icmp_seq=3 Destination Host Unreachable
^C
--- 8.8.8.8 ping statistics ---
5 packets transmitted, 0 received, +3 errors, 100% packet loss, time 95ms
pipe 4
Code:
root@wireguard:~# ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=9 ttl=119 time=3.72 ms
64 bytes from 8.8.8.8: icmp_seq=10 ttl=119 time=3.57 ms
64 bytes from 8.8.8.8: icmp_seq=11 ttl=119 time=3.61 ms
64 bytes from 8.8.8.8: icmp_seq=12 ttl=119 time=3.63 ms
^C
--- 8.8.8.8 ping statistics ---
12 packets transmitted, 4 received, 66.6667% packet loss, time 202ms
rtt min/avg/max/mdev = 3.569/3.631/3.716/0.091 msEDIT: I just realised there is packet loss on the wireguard machine. Doing the same ping some seconds later there is no packet loss so I assume it's the first packets only.
EDIT2: all machines can ping each other and the Proxmox host.
Thanks in advance for your help!
Last edited: